Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.

The debate over who was behind the massive 2020 LuBian Bitcoin exploit has intensified, with China's National Computer Virus Emergency Response Center (CVERC) publicly accusing the US of carrying it out.
This narrative clashes with the results of Western forensic research, which has identified the cause of the event as a flaw in random number generation without naming any state actor.
The incident, well documented by open sources such as Arkham, saw some 127,000 BTC moved from wallets associated with the LuBian mining pool between 28 and 29 December 2020.
Research by the MilkSad team, together with CVE-2023-39910, determined that the wallets were created with software that used only 32 bits of entropy for the MT19937 seed, exposing batches of P2SH-P2WPKH addresses to brute-force attacks.
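Why a 32-bit MT19937 seed caps a "256-bit" key at 2^32 possibilities, shown as an added illustration (not code from MilkSad or from the affected wallet software). The byte layout in `weak_key`, the function names and the sample seed window are assumptions made for the example.

```python
import secrets

class MT19937:
    """MT19937 with the reference 32-bit seeding (what std::mt19937(seed) does)."""
    def __init__(self, seed):
        self.mt = [seed & 0xFFFFFFFF]
        for i in range(1, 624):
            prev = self.mt[-1]
            self.mt.append((1812433253 * (prev ^ (prev >> 30)) + i) & 0xFFFFFFFF)
        self.idx = 624  # force a twist before the first output

    def _twist(self):
        mt = self.mt
        for i in range(624):
            y = (mt[i] & 0x80000000) | (mt[(i + 1) % 624] & 0x7FFFFFFF)
            mt[i] = mt[(i + 397) % 624] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
        self.idx = 0

    def next_u32(self):
        if self.idx >= 624:
            self._twist()
        y = self.mt[self.idx]
        self.idx += 1
        y ^= y >> 11
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        y ^= y >> 18
        return y & 0xFFFFFFFF

def weak_key(seed):
    # Assumption: 32 key bytes = eight consecutive outputs, big-endian.
    rng = MT19937(seed)
    return b"".join(rng.next_u32().to_bytes(4, "big") for _ in range(8))

def strong_key():
    # Hardened form: 256 bits taken directly from the OS CSPRNG.
    return secrets.token_bytes(32)

def audit_key(key, candidate_seeds):
    """Return the seed that reproduces `key`, or None if none in the range does."""
    for seed in candidate_seeds:
        if weak_key(seed) == key:
            return seed
    return None

if __name__ == "__main__":
    seed = 0x1234AB42                         # constructed sample seed
    window = range(0x1234AB00, 0x1234AC00)    # constructed 256-seed audit window
    print(hex(audit_key(weak_key(seed), window)))  # the seed is recovered
    print(audit_key(strong_key(), window))         # None
```

The whole key is a pure function of the seed, so its strength is the seed's 32 bits regardless of the key's length; a key drawn from the OS CSPRNG has no such generating seed to find.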
Forensics and Final Custody
The funds, after years of dormancy, are now under the control of the US government. The Department of Justice (DOJ) is pursuing the forfeiture of some 127,271 BTC, tying them to alleged fraud and money laundering linked to Chen Zhi and the Prince Group.
Elliptic and on-chain sleuths such as ZachXBT have confirmed that the addresses cited in the DOJ's complaint overlap with LuBian's previously identified cluster of weak keys.
However, the technical teams that first identified the flaw did not claim knowledge of the perpetrator of the 2020 exploit, referring to the entity as a "hacker" or an "unknown actor".
China's Attribution Jump
The CVERC, amplified by the CCP-owned Global Times, bases its attribution to the US on two circumstantial inferences: the four-year dormancy period of the funds (deemed abnormal for common criminality) and the subsequent final custody of the coins by the US government. CVERC's technical report is otherwise in line with independent research.
There are at least three plausible readings of the facts:
While the first two readings are in line with the evidentiary posture of the DOJ and forensic firms, the third is a political allegation unsupported by new independent technical evidence in the public domain.